diff --git a/l10n.properties b/l10n.properties
new file mode 100644
index 0000000000..25d85776f6
--- /dev/null
+++ b/l10n.properties
@@ -0,0 +1,4 @@
+# Localisation config overrides for Records Management module
+MESSAGE_SEARCH_PATH="rm-server/config rm-share/config"
+EXCLUDED_FILES="$EXCLUDED_FILES rm-method-security.properties"
+EXTENSION_PREFIX=-RM
\ No newline at end of file
diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-disposition-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-disposition-context.xml
index 9df8c9a2a6..8a35357f96 100644
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-disposition-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-disposition-context.xml
@@ -210,6 +210,7 @@
diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties
index 52e96cc45d..6ad06364f6 100644
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties
@@ -85,8 +85,8 @@ capability.CreateModifyDestroyRoles.title=Create Modify Destroy Roles
capability.CreateModifyDestroyUsersAndGroups.title=Create Modify Destroy Users and Groups
capability.PasswordControl.title=Password Control
capability.DisplayRightsReport.title=Display Rights Report
-capability.ManageAccessControls.title=Manage Access Controls
-capability.ManageAccessRights.title=Manage Access Rights
+capability.ManageAccessControls.title=Group and User Role Assignment
+capability.ManageAccessRights.title=Manage Permissions
# Configuration
capability.group.config.title=Configuration
diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/template_ja.properties b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/template_ja.properties
index a4a82172d9..b79d84f3da 100644
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/template_ja.properties
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/template_ja.properties
@@ -1,6 +1,6 @@
# File Report Template
file.report.acession.report=\u53d7\u8afe\u30ec\u30dd\u30fc\u30c8
-file.report.date.format=EEE MMM dd HH:mm:ss zzz yyyy
+file.report.date.format=EEE\u5e74MMM\u6708dd\u65e5\u3001HH:mm:ss zzz yyyy
file.report.declared.by=\u5ba3\u8a00\u8005
file.report.declared.on=\u30aa\u30f3
file.report.destroyed=\u7834\u68c4\u6e08\u307f
diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml
index 7895f20541..79702d97ef 100644
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml
@@ -426,6 +426,8 @@
UNFILED_RECORD_FOLDER
HOLD_CONTAINER
HOLD
+ TRANSFER
+ TRANSFER_CONTAINER
diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties b/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties
index 916a69ca45..385b0d397e 100644
--- a/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-method-security.properties
@@ -174,12 +174,12 @@ rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getPermiss
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getAllSetPermissions=RM.Read.0
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getSettablePermissions=RM_ALLOW
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.hasPermission=RM_ALLOW
-rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.deletePermissions=RM.Capability.0
-rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.deletePermission=RM.Capability.0
-rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setPermission=RM.Capability.0
-rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setInheritParentPermissions=RM.Capability.0
+rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.deletePermissions=RM_CAP.0.rma:filePlanComponent.ManageAccessRights
+rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.deletePermission=RM_CAP.0.rma:filePlanComponent.ManageAccessRights
+rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setPermission=RM_CAP.0.rma:filePlanComponent.ManageAccessRights
+rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.setInheritParentPermissions=RM_CAP.0.rma:filePlanComponent.ManageAccessRights
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.getInheritParentPermissions=RM_ALLOW
-rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.clearPermission=RM.Capability.0
+rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.clearPermission=RM_CAP.0.rma:filePlanComponent.ManageAccessRights
rm.methodsecurity.org.alfresco.service.cmr.security.PermissionService.*=RM_DENY
## Site service
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/TransferCompleteAction.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/TransferCompleteAction.java
index 0304e1521b..527175bc81 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/TransferCompleteAction.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/action/impl/TransferCompleteAction.java
@@ -36,6 +36,9 @@ public class TransferCompleteAction extends RMActionExecuterAbstractBase
/** I18N */
private static final String MSG_NODE_NOT_TRANSFER = "rm.action.node-not-transfer";
+ /** Action name */
+ public static final String NAME = "transferComplete";
+
/** Transfer service */
private TransferService transferService;
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java
index cb08db9dea..e05aebda12 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java
@@ -80,10 +80,6 @@ public class CreateCapability extends DeclarativeCapability
*/
public int evaluate(NodeRef destination, NodeRef linkee, QName assocType)
{
- //if the user doesn't have Create Record capability deny access
- if(capabilityService.getCapabilityAccessState(destination, RMPermissionModel.CREATE_RECORDS) == AccessStatus.DENIED)
- return AccessDecisionVoter.ACCESS_DENIED;
-
if (linkee != null)
{
int state = checkRead(linkee, true);
@@ -98,7 +94,7 @@ public class CreateCapability extends DeclarativeCapability
{
if (linkee == null)
{
- if (recordService.isRecord(destination) &&
+ if (recordService.isRecord(destination) &&
!recordService.isDeclared(destination) &&
permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED)
{
@@ -124,14 +120,14 @@ public class CreateCapability extends DeclarativeCapability
conditions.put("capabilityCondition.frozen", Boolean.FALSE);
conditions.put("capabilityCondition.closed", Boolean.FALSE);
conditions.put("capabilityCondition.cutoff", Boolean.FALSE);
-
+
// if the destination folder is not a record folder and the user has filling capability on it, grant access to create the record
if (checkConditions(destination, conditions) &&
!recordFolderService.isRecordFolder(destination) )
{
return AccessDecisionVoter.ACCESS_GRANTED;
}
-
+
if (checkConditions(destination, conditions) &&
recordFolderService.isRecordFolder(destination) &&
permissionService.hasPermission(destination, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED)
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/CapabilityPolicy.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/CapabilityPolicy.java
deleted file mode 100644
index 6f60fd7f67..0000000000
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/policy/CapabilityPolicy.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (C) 2005-2014 Alfresco Software Limited.
- *
- * This file is part of Alfresco
- *
- * Alfresco is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * Alfresco is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with Alfresco. If not, see .
- */
-package org.alfresco.module.org_alfresco_module_rm.capability.policy;
-
-import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel;
-import org.alfresco.service.cmr.repository.NodeRef;
-import org.aopalliance.intercept.MethodInvocation;
-
-/**
- *
- * @author Roy Wetherall
- * @since 2.1
- */
-public class CapabilityPolicy extends AbstractBasePolicy
-{
- /**
- * @see org.alfresco.module.org_alfresco_module_rm.capability.policy.Policy#evaluate(org.aopalliance.intercept.MethodInvocation, java.lang.Class[], org.alfresco.module.org_alfresco_module_rm.capability.policy.ConfigAttributeDefinition)
- */
- @Override
- @SuppressWarnings("rawtypes")
- public int evaluate(
- MethodInvocation invocation,
- Class[] params,
- ConfigAttributeDefinition cad)
- {
- NodeRef testNodeRef = getTestNode(invocation, params, cad.getParameters().get(0), cad.isParent());
- return getCapabilityService().getCapability(RMPermissionModel.MANAGE_ACCESS_CONTROLS).evaluate(testNodeRef);
- }
-
-}
\ No newline at end of file
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/jscript/app/evaluator/TransferEvaluator.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/jscript/app/evaluator/TransferEvaluator.java
index 06a89aa953..56cb735b6a 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/jscript/app/evaluator/TransferEvaluator.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/jscript/app/evaluator/TransferEvaluator.java
@@ -22,9 +22,13 @@ import java.util.List;
import org.alfresco.module.org_alfresco_module_rm.jscript.app.BaseEvaluator;
import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel;
+import org.alfresco.repo.security.authentication.AuthenticationUtil;
+import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.RegexQNamePattern;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
/**
* Evaluates whether the node in question is transferring is either a transfer or accession.
@@ -33,6 +37,9 @@ import org.alfresco.service.namespace.RegexQNamePattern;
*/
public class TransferEvaluator extends BaseEvaluator
{
+ /** Logger */
+ private static Log logger = LogFactory.getLog(TransferEvaluator.class);
+
/** indicates whether we are looking for accessions or transfers */
private boolean transferAccessionIndicator = false;
@@ -55,8 +62,18 @@ public class TransferEvaluator extends BaseEvaluator
NodeRef transfer = getTransferNodeRef(nodeRef);
if (transfer != null)
{
- boolean actual = ((Boolean)nodeService.getProperty(transfer, RecordsManagementModel.PROP_TRANSFER_ACCESSION_INDICATOR)).booleanValue();
- result = (actual == transferAccessionIndicator);
+ try
+ {
+ boolean actual = ((Boolean)nodeService.getProperty(transfer, RecordsManagementModel.PROP_TRANSFER_ACCESSION_INDICATOR)).booleanValue();
+ result = (actual == transferAccessionIndicator);
+ }
+ catch (AccessDeniedException ade)
+ {
+ logger.info("The user '"
+ + AuthenticationUtil.getFullyAuthenticatedUser()
+ + "' does not have permissions on the node '"
+ + transfer + "'.");
+ }
}
return result;
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
index dff4959767..2822e6d124 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/FilePlanPermissionServiceImpl.java
@@ -308,13 +308,31 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
public void onCreateTransfer(final ChildAssociationRef childAssocRef)
{
mandatory("childAssocRef", childAssocRef);
- NodeRef childRef = childAssocRef.getChildRef();
+
+ final NodeRef childRef = childAssocRef.getChildRef();
setupPermissions(childAssocRef.getParentRef(), childRef);
- // Give read permissions for all RM roles for the transfer folders (see RM-1800).
- // This behaviour will be changed once the add manage permission option is added in the UI for the transfers containers.
- NodeRef filePlan = getFilePlanService().getFilePlan(childRef);
- String allRoles = getFilePlanRoleService().getAllRolesContainerGroup(filePlan);
- getPermissionService().setPermission(childRef, allRoles, READ_RECORDS, true);
+
+ final String user = AuthenticationUtil.getFullyAuthenticatedUser();
+
+ final boolean hasUserPermission = authenticationUtil.runAs(new AuthenticationUtil.RunAsWork()
+ {
+ public Boolean doWork()
+ {
+ return getPermissionService().hasPermission(childRef, RMPermissionModel.FILING) == AccessStatus.ALLOWED;
+ }
+ }, user);
+
+ if (!hasUserPermission)
+ {
+ authenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork()
+ {
+ public Void doWork()
+ {
+ getPermissionService().setPermission(childRef, user, RMPermissionModel.FILING, true);
+ return null;
+ }
+ });
+ }
}
/**
@@ -545,7 +563,7 @@ public class FilePlanPermissionServiceImpl extends ServiceBaseImpl
private boolean canPerformPermissionAction(NodeRef nodeRef)
{
- return isFilePlanContainer(nodeRef) || isRecordFolder(nodeRef) || isRecord(nodeRef);
+ return isFilePlanContainer(nodeRef) || isRecordFolder(nodeRef) || isRecord(nodeRef) || isTransfer(nodeRef);
}
/**
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/IntegrationTestSuite.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/IntegrationTestSuite.java
index 2c7c2b723a..9fc384de39 100755
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/IntegrationTestSuite.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/IntegrationTestSuite.java
@@ -53,7 +53,8 @@ import org.junit.runners.Suite.SuiteClasses;
JobTestSuite.class,
HoldTestSuite.class,
VersionTestSuite.class,
- RelationshipTestSuite.class
+ RelationshipTestSuite.class/*,
+ TransferTestSuite.class*/
})
public class IntegrationTestSuite
{
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1008Test.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1008Test.java
index 726c8ab7ad..0066a3ea58 100755
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1008Test.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/issue/RM1008Test.java
@@ -293,7 +293,7 @@ public class RM1008Test extends BaseRMTestCase
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
- assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer));
+ assertEquals(AccessStatus.DENIED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null;
@@ -319,8 +319,8 @@ public class RM1008Test extends BaseRMTestCase
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
- assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer));
- assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(transfer, RMPermissionModel.READ_RECORDS));
+ assertEquals(AccessStatus.DENIED, viewRecords.hasPermission(transfer));
+ assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.READ_RECORDS));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null;
@@ -346,7 +346,7 @@ public class RM1008Test extends BaseRMTestCase
Capability viewRecords = capabilityService.getCapability("ViewRecords");
assertNotNull(viewRecords);
- assertEquals(AccessStatus.ALLOWED, viewRecords.hasPermission(transfer));
+ assertEquals(AccessStatus.DENIED, viewRecords.hasPermission(transfer));
assertEquals(AccessStatus.DENIED, permissionService.hasPermission(transfer, RMPermissionModel.FILING));
return null;
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java
index a96d7b8c30..1f410afb6a 100644
--- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/record/CreateRecordTest.java
@@ -28,29 +28,28 @@ import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
-import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.repository.ContentWriter;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.util.GUID;
/**
* Create record tests.
- *
+ *
* @author Roy Wetherall
* @since 2.2
*/
public class CreateRecordTest extends BaseRMTestCase
-{
+{
public void testCreateRecordCapabilityOnly() throws Exception
{
doBehaviourDrivenTest(new BehaviourDrivenTest()
{
/** test data */
String roleName = GUID.generate();
- String user = GUID.generate();
+ String user = GUID.generate();
NodeRef recordFolder;
NodeRef record;
-
+
public void given()
{
// create role
@@ -58,42 +57,42 @@ public class CreateRecordTest extends BaseRMTestCase
capabilities.add(capabilityService.getCapability("ViewRecords"));
capabilities.add(capabilityService.getCapability("CreateRecords"));
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
-
+
// create user and assign to role
- createPerson(user, true);
+ createPerson(user, true);
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
-
+
// create file plan structure
NodeRef rc = filePlanService.createRecordCategory(filePlan, GUID.generate());
recordFolder = recordFolderService.createRecordFolder(rc, GUID.generate());
}
-
+
public void when()
{
// give read and file permissions to user
filePlanPermissionService.setPermission(recordFolder, user, RMPermissionModel.FILING);
-
+
AuthenticationUtil.runAs(new RunAsWork()
{
public Void doWork() throws Exception
{
record = recordService.createRecordFromContent(recordFolder, GUID.generate(), TYPE_CONTENT, null, null);
-
+
return null;
}
- }, user);
+ }, user);
}
-
+
public void then()
{
// check the details of the record
assertTrue(recordService.isRecord(record));
}
- });
+ });
}
-
+
/**
- * @see
+ * @see
*/
public void testCreateRecordCapabilityOnlyFromFileFolderService() throws Exception
{
@@ -101,10 +100,10 @@ public class CreateRecordTest extends BaseRMTestCase
{
/** test data */
String roleName = GUID.generate();
- String user = GUID.generate();
+ String user = GUID.generate();
NodeRef recordFolder;
NodeRef record;
-
+
public void given()
{
// create role
@@ -112,45 +111,45 @@ public class CreateRecordTest extends BaseRMTestCase
capabilities.add(capabilityService.getCapability("ViewRecords"));
capabilities.add(capabilityService.getCapability("CreateRecords"));
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
-
+
// create user and assign to role
- createPerson(user, true);
+ createPerson(user, true);
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
-
+
// create file plan structure
NodeRef rc = filePlanService.createRecordCategory(filePlan, GUID.generate());
recordFolder = recordFolderService.createRecordFolder(rc, GUID.generate());
}
-
+
public void when()
{
// give read and file permissions to user
filePlanPermissionService.setPermission(recordFolder, user, RMPermissionModel.FILING);
-
+
AuthenticationUtil.runAs(new RunAsWork()
{
public Void doWork() throws Exception
{
record = fileFolderService.create(recordFolder, GUID.generate(), ContentModel.TYPE_CONTENT).getNodeRef();
-
+
ContentWriter writer = contentService.getWriter(record, ContentModel.TYPE_CONTENT, true);
writer.setMimetype(MimetypeMap.MIMETYPE_TEXT_PLAIN);
writer.setEncoding("UTF-8");
writer.putContent("Lucy Wetherall");
-
+
return null;
}
- }, user);
+ }, user);
}
-
+
public void then()
{
// check the details of the record
assertTrue(recordService.isRecord(record));
}
- });
+ });
}
-
+
/**
* unit test for RM1649 fix
* test if a user with create record permissions and without file record permission is able to create a record within unfiled record container
@@ -163,7 +162,7 @@ public class CreateRecordTest extends BaseRMTestCase
String roleName = GUID.generate();
String user = GUID.generate();
NodeRef record;
-
+
public void given()
{
// create a role with view and create capabilities
@@ -171,16 +170,16 @@ public class CreateRecordTest extends BaseRMTestCase
capabilities.add(capabilityService.getCapability("ViewRecords"));
capabilities.add(capabilityService.getCapability("CreateRecords"));
filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
-
-
+
+
// create user and assign to role
createPerson(user, true);
filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
-
+
//give read and file permission to user on unfiled records container
filePlanPermissionService.setPermission(unfiledContainer , user, RMPermissionModel.FILING);
}
-
+
public void when()
{
AuthenticationUtil.runAs(new RunAsWork()
@@ -188,12 +187,12 @@ public class CreateRecordTest extends BaseRMTestCase
public Void doWork() throws Exception
{
record = recordService.createRecordFromContent(unfiledContainer, GUID.generate(), TYPE_CONTENT, null, null);
-
+
return null;
}
}, user);
}
-
+
public void then()
{
// check the details of the record
@@ -202,49 +201,4 @@ public class CreateRecordTest extends BaseRMTestCase
}
});
}
-
- public void testCreateRecordWithoutCreateRecordCapability() throws Exception
- {
- doBehaviourDrivenTest(new BehaviourDrivenTest(AccessDeniedException.class)
- {
- /** test data */
- String roleName = GUID.generate();
- String user = GUID.generate();
- NodeRef recordFolder;
-
- public void given()
- {
- // create role
- Set capabilities = new HashSet(2);
- capabilities.add(capabilityService.getCapability("ViewRecords"));
- filePlanRoleService.createRole(filePlan, roleName, roleName, capabilities);
-
- // create user and assign to role
- createPerson(user, true);
- filePlanRoleService.assignRoleToAuthority(filePlan, roleName, user);
-
- // create file plan structure
- NodeRef rc = filePlanService.createRecordCategory(filePlan, GUID.generate());
- recordFolder = recordFolderService.createRecordFolder(rc, GUID.generate());
- }
-
- public void when()
- {
- // give read and file permissions to user
- filePlanPermissionService.setPermission(recordFolder, user,
- RMPermissionModel.FILING);
-
- AuthenticationUtil.runAs(new RunAsWork()
- {
- public Void doWork() throws Exception
- {
- recordService.createRecordFromContent(recordFolder, GUID.generate(),
- TYPE_CONTENT, null, null);
-
- return null;
- }
- }, user);
- }
- });
- }
}
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/CreateTransferFolderAsNonAdminUser.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/CreateTransferFolderAsNonAdminUser.java
new file mode 100644
index 0000000000..4409db99e8
--- /dev/null
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/CreateTransferFolderAsNonAdminUser.java
@@ -0,0 +1,157 @@
+/*
+ * Copyright (C) 2005-2015 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.module.org_alfresco_module_rm.test.integration.transfer;
+
+import static org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction.PARAM_EVENT_NAME;
+import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_RECORDS_MANAGER;
+import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_AUTHORITY;
+import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_INSTRUCTIONS;
+import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_EVENT_NAME;
+import static org.alfresco.repo.security.authentication.AuthenticationUtil.getAdminUserName;
+import static org.alfresco.repo.security.authentication.AuthenticationUtil.runAs;
+import static org.alfresco.repo.site.SiteModel.SITE_CONSUMER;
+import static org.alfresco.service.cmr.security.AccessStatus.ALLOWED;
+import static org.alfresco.util.GUID.generate;
+
+import java.io.Serializable;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction;
+import org.alfresco.module.org_alfresco_module_rm.action.impl.CutOffAction;
+import org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction;
+import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+import org.alfresco.service.cmr.repository.NodeRef;
+
+/**
+ * Test case which shows that the user who creates the transfer gets filing permissions granted.
+ *
+ * @author Tuna Aksoy
+ * @since 2.3
+ */
+public class CreateTransferFolderAsNonAdminUser extends BaseRMTestCase
+{
+ // Test user
+ private String testUser = null;
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest()
+ */
+ @Override
+ protected boolean isUserTest()
+ {
+ return true;
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#setupTestUsersImpl(org.alfresco.service.cmr.repository.NodeRef)
+ */
+ @Override
+ protected void setupTestUsersImpl(NodeRef filePlan)
+ {
+ super.setupTestUsersImpl(filePlan);
+
+ // Create test user
+ testUser = generate();
+ createPerson(testUser);
+
+ // Join the RM site
+ siteService.setMembership(siteId, testUser, SITE_CONSUMER);
+
+ // Add the test user to RM Records Manager role
+ filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_RECORDS_MANAGER, testUser);
+ }
+
+ public void testCreateTransferFolderAsNonAdminUser()
+ {
+ doBehaviourDrivenTest(new BehaviourDrivenTest(testUser)
+ {
+ // Records folder
+ private NodeRef recordsFolder = null;
+
+ // Transfer folder
+ private NodeRef transferFolder = null;
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
+ */
+ @Override
+ public void given()
+ {
+ runAs(new RunAsWork()
+ {
+ public Void doWork()
+ {
+ // Create category
+ NodeRef category = filePlanService.createRecordCategory(filePlan, generate());
+
+ // Give filing permissions for the test users on the category
+ filePlanPermissionService.setPermission(category, testUser, FILING);
+
+ // Create disposition schedule
+ utils.createDispositionSchedule(category, DEFAULT_DISPOSITION_INSTRUCTIONS, DEFAULT_DISPOSITION_AUTHORITY, false, true, true);
+
+ // Create folder
+ recordsFolder = recordFolderService.createRecordFolder(category, generate());
+
+ // Make eligible for cut off
+ Map params = new HashMap(1);
+ params.put(PARAM_EVENT_NAME, DEFAULT_EVENT_NAME);
+ rmActionService.executeRecordsManagementAction(recordsFolder, CompleteEventAction.NAME, params);
+
+ // Cut off folder
+ rmActionService.executeRecordsManagementAction(recordsFolder, CutOffAction.NAME);
+
+ return null;
+ }
+ }, getAdminUserName());
+
+ // FIXME: This step should be executed in "when()".
+ transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
+ */
+ @Override
+ public void when()
+ {
+ // FIXME: If the transfer step is executed here the test fails?!?
+ //transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
+ */
+ @Override
+ public void then()
+ {
+ // Check transfer folder
+ assertNotNull(transferFolder);
+
+ // User should have read permissions on the transfers container
+ assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
+
+ // Check if the user has filing permissions on the transfer folder
+ assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, FILING));
+ }
+ });
+ }
+}
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/FilingPermissionsOnTransferFolder.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/FilingPermissionsOnTransferFolder.java
new file mode 100644
index 0000000000..77778bad8d
--- /dev/null
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/FilingPermissionsOnTransferFolder.java
@@ -0,0 +1,192 @@
+/*
+ * Copyright (C) 2005-2015 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.module.org_alfresco_module_rm.test.integration.transfer;
+
+import static org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction.PARAM_EVENT_NAME;
+import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_RECORDS_MANAGER;
+import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_AUTHORITY;
+import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_INSTRUCTIONS;
+import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_EVENT_NAME;
+import static org.alfresco.repo.security.authentication.AuthenticationUtil.getAdminUserName;
+import static org.alfresco.repo.security.authentication.AuthenticationUtil.runAs;
+import static org.alfresco.repo.site.SiteModel.SITE_CONSUMER;
+import static org.alfresco.service.cmr.security.AccessStatus.ALLOWED;
+import static org.alfresco.util.GUID.generate;
+
+import java.io.Serializable;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction;
+import org.alfresco.module.org_alfresco_module_rm.action.impl.CutOffAction;
+import org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction;
+import org.alfresco.module.org_alfresco_module_rm.action.impl.TransferCompleteAction;
+import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+import org.alfresco.service.cmr.repository.NodeRef;
+
+/**
+ * Test case which shows that the user who did not create a transfer folder will
+ * be able to see and action on it if he gets filing permission on the transfer folder.
+ *
+ * @author Tuna Aksoy
+ * @since 2.3
+ */
+public class FilingPermissionsOnTransferFolder extends BaseRMTestCase
+{
+ // Test users
+ private String testUser1 = null;
+ private String testUser2 = null;
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest()
+ */
+ @Override
+ protected boolean isUserTest()
+ {
+ return true;
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#setupTestUsersImpl(org.alfresco.service.cmr.repository.NodeRef)
+ */
+ @Override
+ protected void setupTestUsersImpl(NodeRef filePlan)
+ {
+ super.setupTestUsersImpl(filePlan);
+
+ // Create test users
+ testUser1 = generate();
+ createPerson(testUser1);
+ testUser2 = generate();
+ createPerson(testUser2);
+
+ // Join the RM site
+ siteService.setMembership(siteId, testUser1, SITE_CONSUMER);
+ siteService.setMembership(siteId, testUser2, SITE_CONSUMER);
+
+ // Add the test users to RM Records Manager role
+ filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_RECORDS_MANAGER, testUser1);
+ filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_RECORDS_MANAGER, testUser2);
+ }
+
+ public void testFilingPermissionsOnTransferFolder()
+ {
+ doBehaviourDrivenTest(new BehaviourDrivenTest(testUser1)
+ {
+ // Records folder
+ private NodeRef recordsFolder = null;
+
+ // Transfer folder
+ private NodeRef transferFolder = null;
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
+ */
+ @Override
+ public void given()
+ {
+ runAs(new RunAsWork()
+ {
+ public Void doWork()
+ {
+ // Create category
+ NodeRef category = filePlanService.createRecordCategory(filePlan, generate());
+
+ // Give filing permissions for the test users on the category
+ filePlanPermissionService.setPermission(category, testUser1, FILING);
+ filePlanPermissionService.setPermission(category, testUser2, FILING);
+
+ // Create disposition schedule
+ utils.createDispositionSchedule(category, DEFAULT_DISPOSITION_INSTRUCTIONS, DEFAULT_DISPOSITION_AUTHORITY, false, true, true);
+
+ // Create folder
+ recordsFolder = recordFolderService.createRecordFolder(category, generate());
+
+ // Make eligible for cut off
+ Map params = new HashMap(1);
+ params.put(PARAM_EVENT_NAME, DEFAULT_EVENT_NAME);
+ rmActionService.executeRecordsManagementAction(recordsFolder, CompleteEventAction.NAME, params);
+
+ // Cut off folder
+ rmActionService.executeRecordsManagementAction(recordsFolder, CutOffAction.NAME);
+
+ return null;
+ }
+ }, getAdminUserName());
+
+ // FIXME: This step should be executed in "when()".
+ transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
+ */
+ @Override
+ public void when()
+ {
+ // FIXME: If the transfer step is executed here the test fails.
+ //transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
+
+ // Give testUser2 filing permissions on transfer folder
+ filePlanPermissionService.setPermission(transferFolder, testUser2, FILING);
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
+ */
+ @Override
+ public void then()
+ {
+ // Check transfer folder
+ assertNotNull(transferFolder);
+
+ // testUser1 should have read permissions on the transfers container
+ assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
+
+ // Check if testUser1 has filing permissions on the transfer folder
+ assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, FILING));
+
+ runAs(new RunAsWork()
+ {
+ public Void doWork()
+ {
+ // Check transfer folder
+ assertNotNull(transferFolder);
+
+ // testUser2 should have read permissions on the transfers container
+ assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
+
+ // Check if testUser2 has read permissions on the transfer folder
+ assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, READ_RECORDS));
+
+ // Check if testUser2 has filing permissions on the transfer folder
+ assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, FILING));
+
+ // FIXME: Should be able to execute the action. Failing intermittently.
+ // Execute transfer complete action as testUser2 who has filing permissions on the transfer folder
+ rmActionService.executeRecordsManagementAction(transferFolder, TransferCompleteAction.NAME);
+
+ return null;
+ }
+ }, testUser2);
+ }
+ });
+ }
+}
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/NoPermissionsOnTransferFolder.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/NoPermissionsOnTransferFolder.java
new file mode 100644
index 0000000000..4ac4cf4fba
--- /dev/null
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/NoPermissionsOnTransferFolder.java
@@ -0,0 +1,181 @@
+/*
+ * Copyright (C) 2005-2015 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.module.org_alfresco_module_rm.test.integration.transfer;
+
+import static org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction.PARAM_EVENT_NAME;
+import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_RECORDS_MANAGER;
+import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_AUTHORITY;
+import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_INSTRUCTIONS;
+import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_EVENT_NAME;
+import static org.alfresco.repo.security.authentication.AuthenticationUtil.getAdminUserName;
+import static org.alfresco.repo.security.authentication.AuthenticationUtil.runAs;
+import static org.alfresco.repo.site.SiteModel.SITE_CONSUMER;
+import static org.alfresco.service.cmr.security.AccessStatus.ALLOWED;
+import static org.alfresco.service.cmr.security.AccessStatus.DENIED;
+import static org.alfresco.util.GUID.generate;
+
+import java.io.Serializable;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction;
+import org.alfresco.module.org_alfresco_module_rm.action.impl.CutOffAction;
+import org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction;
+import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+import org.alfresco.service.cmr.repository.NodeRef;
+
+/**
+ * Test case which shows that the user who did not create a transfer folder will not be able to see it.
+ *
+ * @author Tuna Aksoy
+ * @since 2.3
+ */
+public class NoPermissionsOnTransferFolder extends BaseRMTestCase
+{
+ // Test users
+ private String testUser1 = null;
+ private String testUser2 = null;
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest()
+ */
+ @Override
+ protected boolean isUserTest()
+ {
+ return true;
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#setupTestUsersImpl(org.alfresco.service.cmr.repository.NodeRef)
+ */
+ @Override
+ protected void setupTestUsersImpl(NodeRef filePlan)
+ {
+ super.setupTestUsersImpl(filePlan);
+
+ // Create test users
+ testUser1 = generate();
+ createPerson(testUser1);
+ testUser2 = generate();
+ createPerson(testUser2);
+
+ // Join the RM site
+ siteService.setMembership(siteId, testUser1, SITE_CONSUMER);
+ siteService.setMembership(siteId, testUser2, SITE_CONSUMER);
+
+ // Add the test users to RM Records Manager role
+ filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_RECORDS_MANAGER, testUser1);
+ filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_RECORDS_MANAGER, testUser2);
+ }
+
+ public void testNoPermissionsOnTransferFolder()
+ {
+ doBehaviourDrivenTest(new BehaviourDrivenTest(testUser1)
+ {
+ // Records folder
+ private NodeRef recordsFolder = null;
+
+ // Transfer folder
+ private NodeRef transferFolder = null;
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
+ */
+ @Override
+ public void given()
+ {
+ runAs(new RunAsWork()
+ {
+ public Void doWork()
+ {
+ // Create category
+ NodeRef category = filePlanService.createRecordCategory(filePlan, generate());
+
+ // Give filing permissions for the test users on the category
+ filePlanPermissionService.setPermission(category, testUser1, FILING);
+ filePlanPermissionService.setPermission(category, testUser2, FILING);
+
+ // Create disposition schedule
+ utils.createDispositionSchedule(category, DEFAULT_DISPOSITION_INSTRUCTIONS, DEFAULT_DISPOSITION_AUTHORITY, false, true, true);
+
+ // Create folder
+ recordsFolder = recordFolderService.createRecordFolder(category, generate());
+
+ // Make eligible for cut off
+ Map params = new HashMap(1);
+ params.put(PARAM_EVENT_NAME, DEFAULT_EVENT_NAME);
+ rmActionService.executeRecordsManagementAction(recordsFolder, CompleteEventAction.NAME, params);
+
+ // Cut off folder
+ rmActionService.executeRecordsManagementAction(recordsFolder, CutOffAction.NAME);
+
+ return null;
+ }
+ }, getAdminUserName());
+
+ // FIXME: This step should be executed in "when()".
+ transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
+ */
+ @Override
+ public void when()
+ {
+ // FIXME: If the transfer step is executed here the test fails.
+ //transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
+ */
+ @Override
+ public void then()
+ {
+ // Check transfer folder
+ assertNotNull(transferFolder);
+
+ // testUser1 should have read permissions on the transfers container
+ assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
+
+ // Check if testUser1 has filing permissions on the transfer folder
+ assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, FILING));
+
+ runAs(new RunAsWork()
+ {
+ public Void doWork()
+ {
+ // Check transfer folder
+ assertNotNull(transferFolder);
+
+ // testUser2 should have read permissions on the transfers container
+ assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
+
+ // Check if testUser2 has read permissions on the transfer folder
+ assertEquals(DENIED, permissionService.hasPermission(transferFolder, READ_RECORDS));
+
+ return null;
+ }
+ }, testUser2);
+ }
+ });
+ }
+}
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/ReadPermissionsOnTransferFolder.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/ReadPermissionsOnTransferFolder.java
new file mode 100644
index 0000000000..2ad2e58d49
--- /dev/null
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/ReadPermissionsOnTransferFolder.java
@@ -0,0 +1,201 @@
+/*
+ * Copyright (C) 2005-2015 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.module.org_alfresco_module_rm.test.integration.transfer;
+
+import static org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction.PARAM_EVENT_NAME;
+import static org.alfresco.module.org_alfresco_module_rm.role.FilePlanRoleService.ROLE_RECORDS_MANAGER;
+import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_AUTHORITY;
+import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_DISPOSITION_INSTRUCTIONS;
+import static org.alfresco.module.org_alfresco_module_rm.test.util.CommonRMTestUtils.DEFAULT_EVENT_NAME;
+import static org.alfresco.repo.security.authentication.AuthenticationUtil.getAdminUserName;
+import static org.alfresco.repo.security.authentication.AuthenticationUtil.runAs;
+import static org.alfresco.repo.site.SiteModel.SITE_CONSUMER;
+import static org.alfresco.service.cmr.security.AccessStatus.ALLOWED;
+import static org.alfresco.service.cmr.security.AccessStatus.DENIED;
+import static org.alfresco.util.GUID.generate;
+
+import java.io.Serializable;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.alfresco.module.org_alfresco_module_rm.action.impl.CompleteEventAction;
+import org.alfresco.module.org_alfresco_module_rm.action.impl.CutOffAction;
+import org.alfresco.module.org_alfresco_module_rm.action.impl.TransferAction;
+import org.alfresco.module.org_alfresco_module_rm.action.impl.TransferCompleteAction;
+import org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase;
+import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+import org.alfresco.repo.security.permissions.AccessDeniedException;
+import org.alfresco.service.cmr.repository.NodeRef;
+
+/**
+ * Test case which shows that the user who did not create a transfer folder will
+ * be able to see the transfer folder if he gets read permissions, but will not
+ * be able to action on it.
+ *
+ * @author Tuna Aksoy
+ * @since 2.3
+ */
+public class ReadPermissionsOnTransferFolder extends BaseRMTestCase
+{
+ // Test users
+ private String testUser1 = null;
+ private String testUser2 = null;
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#isUserTest()
+ */
+ @Override
+ protected boolean isUserTest()
+ {
+ return true;
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase#setupTestUsersImpl(org.alfresco.service.cmr.repository.NodeRef)
+ */
+ @Override
+ protected void setupTestUsersImpl(NodeRef filePlan)
+ {
+ super.setupTestUsersImpl(filePlan);
+
+ // Create test users
+ testUser1 = generate();
+ createPerson(testUser1);
+ testUser2 = generate();
+ createPerson(testUser2);
+
+ // Join the RM site
+ siteService.setMembership(siteId, testUser1, SITE_CONSUMER);
+ siteService.setMembership(siteId, testUser2, SITE_CONSUMER);
+
+ // Add the users to RM Records Manager role
+ filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_RECORDS_MANAGER, testUser1);
+ filePlanRoleService.assignRoleToAuthority(filePlan, ROLE_RECORDS_MANAGER, testUser2);
+ }
+
+ public void testReadPermissionsOnTransferFolder()
+ {
+ doBehaviourDrivenTest(new BehaviourDrivenTest(testUser1)
+ {
+ // Records folder
+ private NodeRef recordsFolder = null;
+
+ // Transfer folder
+ private NodeRef transferFolder = null;
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#given()
+ */
+ @Override
+ public void given()
+ {
+ runAs(new RunAsWork()
+ {
+ public Void doWork()
+ {
+ // Create category
+ NodeRef category = filePlanService.createRecordCategory(filePlan, generate());
+
+ // Give filing permissions for the test users on the category
+ filePlanPermissionService.setPermission(category, testUser1, FILING);
+ filePlanPermissionService.setPermission(category, testUser2, FILING);
+
+ // Create disposition schedule
+ utils.createDispositionSchedule(category, DEFAULT_DISPOSITION_INSTRUCTIONS, DEFAULT_DISPOSITION_AUTHORITY, false, true, true);
+
+ // Create folder
+ recordsFolder = recordFolderService.createRecordFolder(category, generate());
+
+ // Make eligible for cut off
+ Map params = new HashMap(1);
+ params.put(PARAM_EVENT_NAME, DEFAULT_EVENT_NAME);
+ rmActionService.executeRecordsManagementAction(recordsFolder, CompleteEventAction.NAME, params);
+
+ // Cut off folder
+ rmActionService.executeRecordsManagementAction(recordsFolder, CutOffAction.NAME);
+
+ return null;
+ }
+ }, getAdminUserName());
+
+ // FIXME: This step should be executed in "when()".
+ transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#when()
+ */
+ @Override
+ public void when()
+ {
+ // FIXME: If the transfer step is executed here the test fails.
+ //transferFolder = (NodeRef) rmActionService.executeRecordsManagementAction(recordsFolder, TransferAction.NAME).getValue();
+
+ // Give testUser2 read permissions on transfer folder
+ filePlanPermissionService.setPermission(transferFolder, testUser2, READ_RECORDS);
+ }
+
+ /**
+ * @see org.alfresco.module.org_alfresco_module_rm.test.util.BaseRMTestCase.BehaviourDrivenTest#then()
+ */
+ @Override
+ public void then()
+ {
+ // Check transfer folder
+ assertNotNull(transferFolder);
+
+ // testUser1 should have read permissions on the transfers container
+ assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
+
+ // Check if testUser1 has filing permissions on the transfer folder
+ assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, FILING));
+
+ runAs(new RunAsWork()
+ {
+ public Void doWork()
+ {
+ // Check transfer folder
+ assertNotNull(transferFolder);
+
+ // testUser2 should have read permissions on the transfers container
+ assertEquals(ALLOWED, permissionService.hasPermission(transfersContainer, READ_RECORDS));
+
+ // Check if testUser2 has read permissions on the transfer folder
+ assertEquals(ALLOWED, permissionService.hasPermission(transferFolder, READ_RECORDS));
+
+ // Check if testUser2 filing permissions on the transfer folder
+ assertEquals(DENIED, permissionService.hasPermission(transferFolder, FILING));
+
+ // Try to execute transfer complete action as testUser2 who has no filing permissions on the transfer folder
+ try
+ {
+ rmActionService.executeRecordsManagementAction(transferFolder, TransferCompleteAction.NAME);
+ }
+ catch (AccessDeniedException ade)
+ {
+ // Expected
+ }
+
+ return null;
+ }
+ }, testUser2);
+ }
+ });
+ }
+}
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/TransferTestSuite.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/TransferTestSuite.java
new file mode 100644
index 0000000000..ceb1a8dedb
--- /dev/null
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/integration/transfer/TransferTestSuite.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2005-2015 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.module.org_alfresco_module_rm.test.integration.transfer;
+
+import org.junit.runner.RunWith;
+import org.junit.runners.Suite;
+import org.junit.runners.Suite.SuiteClasses;
+
+/**
+ * Transfer test suite
+ *
+ * @author Tuna Aksoy
+ * @since 2.3
+ */
+@RunWith(Suite.class)
+@SuiteClasses(
+{
+ CreateTransferFolderAsNonAdminUser.class,
+ FilingPermissionsOnTransferFolder.class,
+ NoPermissionsOnTransferFolder.class,
+ ReadPermissionsOnTransferFolder.class
+})
+public class TransferTestSuite
+{
+
+}